Vulnerability Details : CVE-2019-0192

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Vulnerability category: Execute code

Published 2019-03-07 21:29:00

Updated 2020-12-09 11:15:12

Source Apache Software Foundation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-0192

Probability of exploitation activity in the next 30 days: 96.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-0192

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-0192

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Assigned by: [email protected] (Primary)

References for CVE-2019-0192

https://security.netapp.com/advisory/ntap-20190327-0003/

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2413

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2020.html

CVEs referencing this url
https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

CVEs referencing this url
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

CVEs referencing this url
https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E

Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E

Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E

Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

CVEs referencing this url
http://www.securityfocus.com/bid/107318

Third Party Advisory;VDB Entry
https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E

Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

CVEs referencing this url
http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E

Mitigation;Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E

Mailing List;Vendor Advisory

Products affected by CVE-2019-0192

Apache » Solr
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.6.5
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Matching versions
Apache » Solr
Versions from including (>=) 5.0.0 and up to, including, (<=) 5.5.5
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions